PRIVACY POLICY

1. Purpose and categories of data processed

This privacy policy provides information on the processing of personal data of users who consult the website of the “Metropolitano Urban Center Roma”, pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of personal data (GDPR).

Risorse per Roma S.p.A. ensures that the processing of personal data is carried out in compliance with current legislation.

This information notice applies exclusively to the processing of personal data carried out through consultation of the Metropolitano Urban Center Roma website and does not apply to other websites that may be accessed through external links published on this portal.
 
2. Data Controller

The DATA CONTROLLER is:

RISORSE PER ROMA S.P.A

Via Benedetto Croce, 32/40, 00142 Rome (RM),

VAT and Tax Code 04906911005;

Tel +39.0683199100

PEC: risorseperroma@pec.rpr-spa.it

3. Data Protection Officer

The Data Protection Officer appointed by Risorse per Roma S.p.A. is:

Silvia Sbardella

E-mail: dpo@rpr-spa.it

4. Purpose of processing and legal basis

Risorse per Roma S.p.A. processes personal data in connection with the services offered through the Metropolitano Urban Center Roma website exclusively for purposes related to its institutional activities or to comply with legal and regulatory obligations.

The legal basis for processing is:

• the performance of tasks carried out in the public interest or related to institutional functions;
• compliance with legal obligations;
• where required, the data subject’s consent.
   

5. Browsing data

The IT systems and software procedures used to operate this website acquire certain personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols (e.g. IP addresses, access logs).

Such data are processed solely for:

• technical operation and security of the website;
• anonymous statistical analysis of website traffic.

6. Cookies and other tracking systems

Cookies are small text files that are sent by a website to the user’s browser, where they are stored and retransmitted to the website upon subsequent visits.

This website uses only technical session cookies, which are strictly necessary to ensure proper functioning of the website.

No profiling cookies or tracking systems are used.

7. Data voluntarily provided by the user

The optional, explicit, and voluntary sending of emails to the addresses indicated on the website or the completion of forms results in the acquisition of the sender’s contact details, including the email address, as well as any additional personal data voluntarily included in the message.

Such data are processed solely for the purpose of:

• responding to user requests;
• managing communications;
• newsletter subscription, where applicable.

Users may be contacted by email, telephone, or other communication systems by authorized personnel of Risorse per Roma S.p.A., where necessary.
 
8. Methods of processing and data retention

Personal data are processed using paper, electronic, and telematic tools by the Data Controller, appointed Data Processors, and authorized personnel, in compliance with GDPR provisions and using appropriate security measures to ensure confidentiality and integrity.

In accordance with the principles of lawfulness, purpose limitation, and data minimization (Article 5 GDPR), personal data are retained only for the time strictly necessary to achieve the purposes for which they were collected, subject, where required, to the user’s free and explicit consent.
 
9. Recipients or categories of recipients of data

Personal data may be communicated to:

• subjects appointed as Data Processors pursuant to Article 28 GDPR;
• authorized personnel acting under the authority of the Data Controller or Data Processor,

exclusively for purposes related to contractual, institutional, or legal obligations.
 
10. Transfer data outside the EU

Personal data are not transferred to third countries outside the European Union.
 
11. Rights of the data subject

Data subjects may exercise the rights provided for by Articles 15 et seq. of Regulation (EU) 2016/679, including the right to:

• access their personal data;
• request rectification or erasure;
• request restriction of processing;
• object to processing, where applicable;
• request data portability.

Requests may be submitted to:

• the Data Controller via PEC: risorseperroma@pec.rpr-spa.it or
• the Data Protection Officer via email: dpo@rpr-spa.it

Regulatory framework

• GDPR
• Legislative Decree 101/2018
• Data Protection Authority